Efficient Software Implementation of the SIKE Protocol Using a New Data Representation

Tian, Jing; Wang, Piaoyang; Liu, Zhe; Lin, Jun; Wang, Zhongfeng; Groszschaedl, Johann

doi:10.1109/tc.2021.3057331

Cited by 8 publications

(4 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…As pointed out in the introduction, an approach similar to ours was independently proposed in [19]. We did not include their timings in our comparisons since their implementation is about ten times slower than both the optimized implementation of SIKE and the present work.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

An Alternative Approach for SIDH Arithmetic

Bouvier

Imbert

2021

Public-Key Cryptography – PKC 2021

View full text Add to dashboard Cite

In this paper, we present new algorithms for the field arithmetic layers of supersingular isogeny Diffie-Hellman; one of the fifteen remaining candidates in the NIST post-quantum standardization process. Our approach uses a polynomial representation of the field elements together with mechanisms to keep the coefficients within bounds during the arithmetic operations. We present timings and comparisons for SIKEp503 and suggest a novel 736-bit prime that offers a 1.17× speedup compared to SIKEp751 for a similar level of security.

show abstract

Section: Resultsmentioning

confidence: 99%

“…During the development of this work, a preprint posted on the IACR eprint archive [19] suggested a "new data representation", used to improve the arithmetic of SIDH. In reality, this "new" representation is a PMNS representation, which the authors did not seem to be aware of.…”

Section: Introductionmentioning

confidence: 99%

An Alternative Approach for SIDH Arithmetic

Bouvier

Imbert

2021

Public-Key Cryptography – PKC 2021

View full text Add to dashboard Cite

show abstract

“…Until now, there have been many software implementations of isogeny-based PQC algorithms (SIDH and SIKE). They have focused on the optimization of SIDH and SIKE on typical CPUs [4]- [7] and embedded processors such as ARM Cortex-M4 and ARMv8 series [8]- [16].…”

Section: Related Workmentioning

confidence: 99%

“…In 2020Tian et al [7] proposed a new data representation than can facilitate faster modular reduction than the Montgomery-based reduction, and presented the newest SIKE software library based on the proposed field arithmetic using the new representation. On 2.6 GHz Intel Xeon E5-2690 processor, their SIKEp751 library written in C language is around 1.65 times faster than the stateof-the-art SIKE implementation submitted to NIST PQC competition.…”

Section: A Supersingular Isogeny-based Pqc Implementations On Cpu Sidesmentioning

confidence: 99%

SIKE on GPU: Accelerating Supersingular Isogeny-Based Key Encapsulation Mechanism on Graphic Processing Units

Seo

2021

IEEE Access

View full text Add to dashboard Cite

Since the introduction of the Supersingular isogeny Diffie-Hellman (SIDH) key exchange protocol by Jao and de Feo in 2011, it and its variation (SIKE) have gained significant attention as a promising candidate for post-quantum cryptography (PQC). Until now, even though several implementations of the state-of-the-art SIKE mechanism were presented on CPUs and embedded MCUs, there was no consideration of implementing SIKE on parallel graphic processing units (GPUs). With the advent of the IoT era, a number of IT devices will communicate with application servers. Thus, developing efficient instance of SIKE on server sides is also important. GPUs have been considered as a promising candidate for a cryptographic accelerator. In this paper, we present an efficient implementation of Supersingular Isogeny Key Encapsulation (SIKE) mechanism on GPUs. Even though SIKE has fascinating advantages of much smaller key and ciphertext sizes compared with other NIST PQC candidates, its computational overhead is extremely high. Until now, a large amount of research has been conducted for enhancing the performance of SIKE with respect to software on typical CPU and embedded MCUs and hardware optimization on ASIC and FPGA. However, generic software optimization utilizing GPUs has not been considered yet. We target the GPU implementation of SIKEp503 security parameters which provides the security level 2 (At least as difficult to break as SHA256). For efficiency, we optimize the underlying field arithmetic, especially field multiplication and reduction over p503 = 2 250 3 159 − 1 and take full advantage of the properties of GPU architecture including memory hierarchy. The proposed GPU software based on RTX2080Ti provides around 36376.61 KeyGens/s, 25603.72 Encaps/s, and 22211.61 Decaps/s. These are about 140.64, 157.66, and 146.81 times of improvements to the SIKE CPU Software on Intel i9-10900K CPU, respectively. As far as we know, this is the first efficient implementation of SIKE software on GPU side.INDEX TERMS Graphic processing units (GPU), supersingular isogeny, SIKE, efficient implementation, post quantum cryptography, parallel processing, cloud computing. I. INTRODUCTIONIt has been widely believed that the security of currently used public-Key Cryptosystems (PKC) such as RSA, ECC, etc. will be broken as the development of quantum computers which can execute Shor's algorithm. For preparing the security of information and communication systems in quantum computing era, there is huge demand for Post Quantum Cryptosystems (PQC) which are resistant against Shor's The associate editor coordinating the review of this manuscript and approving it for publication was Wei Huang . algorithm. In 2016, NIST has started the competition process for selecting secure and efficient PQC algorithms. In 2020, NIST announced 7 finalists and 8 alternatives in round 3. Among them, SIKE (Supersingular Isogeny Key Encapsulation) mechanism is the only PQC algorithm based on elliptic curves and has an advantage of much smaller key and ciphertext sizes com...

show abstract